[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

US9344273B2 - Cryptographic device for implementing S-box - Google Patents

Cryptographic device for implementing S-box Download PDF

Info

Publication number
US9344273B2
US9344273B2 US14/291,665 US201414291665A US9344273B2 US 9344273 B2 US9344273 B2 US 9344273B2 US 201414291665 A US201414291665 A US 201414291665A US 9344273 B2 US9344273 B2 US 9344273B2
Authority
US
United States
Prior art keywords
logic gates
bits
circuit logic
gates
input signal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
US14/291,665
Other versions
US20160112194A1 (en
Inventor
Hong-Mook Choi
Xingguang FENG
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Samsung Electronics Co Ltd
Original Assignee
Samsung Electronics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Samsung Electronics Co Ltd filed Critical Samsung Electronics Co Ltd
Priority to US14/291,665 priority Critical patent/US9344273B2/en
Publication of US20160112194A1 publication Critical patent/US20160112194A1/en
Application granted granted Critical
Publication of US9344273B2 publication Critical patent/US9344273B2/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • H04L9/003Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/76Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/38Methods or arrangements for performing computations using exclusively denominational number representation, e.g. using binary, ternary, decimal representation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/30003Arrangements for executing specific machine instructions
    • G06F9/3005Arrangements for executing specific machine instructions to perform operations for flow control
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry
    • H04L2209/122Hardware reduction or efficient architectures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry
    • H04L2209/127Trusted platform modules [TPM]

Definitions

  • Apparatuses and methods consistent with exemplary embodiments relate to a cryptographic device.
  • DES Data encryption standard
  • S-Box substitution box for use in DES carries out a substitution operation to convert an m-bit input into an n-bit output.
  • an S-Box When DES is embodied with hardware, an S-Box is designed using a lookup table. However, a data value of the S-Box may be exposed to a hacker according to a hardware design technique. Accordingly, there is a need for the hardware design for an S-Box that is capable of preventing exposure of internal data even when the S-Box is attacked by a hacker.
  • Exemplary embodiments provide a cryptographic device.
  • a cryptographic device including: arrays of first logic gates including I first logic gates each receiving 2 bits from among N bits of an input signal, where I and N are positive integers; 2 N second logic gates each receiving corresponding J bits from among I bits output from the arrays of first logic gates, where J is a positive integer; and L third logic gates each receiving K bits from among 2 N bits of signal output from the second logic gates, where L and K are positive integers, wherein the I bits, the 2 N bits, and L bits respectively output from the arrays of the first logic gates, the second logic gates, and the third logic gates each have only one active bit, and there is a many-to-one correspondence between the N bits of the input signal and an output signal of the third logic gates.
  • a cryptographic device including: an array of first logic gates receiving first 2 bits among 6 bits of an input signal and outputting first 4 bits; an array of second logic gates receiving second 2 bits among the 6 bits of the input signal and outputting second 4 bits; an array of third logic gates receiving third 2 bits among the 6 bits of the input signal and outputting third 4 bits; 64 forth logic gates each receiving corresponding 3 bits from among the 4 bits output from the arrays of the first, second, and third logic gates; and 16 fifth logic gates each receiving 4 bits from among the 64 bits output from the fourth logic gates, wherein the 4 bits, the 64 bits, and the 16 bits respectively output from the arrays of the first, second, and third logic gates, the fourth logic gates, and the fifth logic gates each have only one active bit, and there is a many-to-one correspondence between the 6 bits of the input signal and an output signal of the fifth logic gates.
  • a cryptographic device including: a first decoder which decodes an input signal of N bits into 2 N bits; and a second decoder which decodes the 2 N bits output from the first decoder into L bits, wherein the 2 N bits output from the first decoder and the L bits output from the second decoder each include only one active bit, and wherein N and L are positive integers.
  • a cryptographic method including: receiving, at each of arrays of first logic gates comprising I first logic gates, 2 bits from among N bits of an input signal; receiving, at each of 2 N second logic gates, corresponding J bits from among I bits output from the arrays of the first logic gates; and receiving, at each of L third logic gates, K bits from among 2 N bits output from the second logic gates, wherein the I bits, the 2 N bits, and L bits respectively output from the arrays of the first logic gates, the second logic gates, and the third logic gates each have only one active bit, wherein there is a many-to-one correspondence between the N bits of the input signal and an output signal of the third logic gates, and wherein the N, I, J, K, and L are positive integers, respectively.
  • FIG. 1 illustrates a cryptographic device according to an exemplary embodiment
  • FIG. 2 illustrates a cryptographic device according to another exemplary embodiment
  • FIG. 3 illustrates a detailed circuit configuration of arrays of logic gates shown in FIG. 2 according to an exemplary embodiment
  • FIG. 4 illustrates an S-Box lookup table according to an exemplary embodiment
  • FIG. 5 illustrates an example of a cryptographic device having a reset function according to an exemplary embodiment
  • FIG. 6 illustrates a circuit configuration of arrays of logic gates shown in FIG. 2 according to another exemplary embodiment.
  • FIG. 1 illustrates a cryptographic device 100 according to an exemplary embodiment.
  • the cryptographic device 100 includes a first decoder 110 , a second decoder 120 , and an encoder 130 .
  • the first decoder 110 receives an input signal IN which is 6 bits and outputs 64 bits.
  • the 64 bit output from the first decoder 110 includes one active bit from among the 64 bits according to the 6 bits of the input signal IN.
  • the second decoder 120 decodes the 64 bits from the first decoder 110 into 16 bits. Irrespective of a value of the 6 bits of the input signal IN, power consumed in the first and second decoders 110 and 120 is constantly maintained. As a result, the cryptographic device 100 may be protected from a hacker's attack, such as a differential power attack (DPA) and an attack through electromagnetic (EM) detection.
  • DPA differential power attack
  • EM electromagnetic
  • the encoder 130 encodes the 16 bits output from the second decoder 120 into a 4 bit output signal OUT and outputs the output signal OUT.
  • the cryptographic device 100 shown in FIG. 1 may convert 6 bits of input signal IN into 4 bits of output signal OUT according to an S-Box many-to-one binary function.
  • FIG. 2 illustrates a cryptographic device 200 according to another exemplary embodiment.
  • the cryptographic device 200 includes arrays 211 , 212 , and 213 of first logic gates, an array 220 of second logic gates, an array 230 of third logic gates, and an encoder 240 .
  • the array 211 of the first logic gates receives 2 bits A 0 and A 1 from among bits of an input signal IN and outputs 4 bits B 0 , B 1 , B 2 , and B 3 .
  • the array 211 of the first logic gates includes a plurality of logic gates (not shown) each receiving 2 bits A 0 and A 1 .
  • the other arrays 212 and 213 of the first logic gates are organized with the same or similar circuit structure as the array 211 of the first logic gates and perform the same or similar operations as the array 211 of the first logic gates.
  • Each of the arrays 211 , 212 , and 213 receives different 2 bits from among the bits of the input signal IN and outputs 4 bits. That is, the arrays 211 , 212 , and 213 output a total of 12 bits B 0 ⁇ B 11 .
  • the array 220 of the second logic gates receives the 12 bits from the arrays 211 , 212 , and 213 of the first logic gates and outputs 64 bits C 0 ⁇ C 63 .
  • the array 220 of the second logic gates includes a plurality of logic gates (not shown) each receiving 1 bit from each of the arrays 211 , 212 , and 213 of the first logic gates (i.e., each receiving a total of 3 bits).
  • the array 230 of the third logic gates receives the 64 bits C 0 ⁇ C 63 from the array 220 of the second logic gates and outputs 16 bits D 0 ⁇ D 15 corresponding to the 64 bits C 0 ⁇ C 63 .
  • the array 230 of the third logic gates includes a plurality of logic gates (not shown) each receiving 4 bits from among the 64 bits C 0 ⁇ C 64 from the array 220 of the second logic gates. There is a many-to-one correspondence according to an S-Box binary function between 6 bits of the input signal IN and a K-bit signal input to the respective logic gates in the array 230 of the third logic gates.
  • the encoder 240 outputs the 16 bits D 0 ⁇ D 15 output from the array 230 of the third logic gates, as a 4 bit signal OUT.
  • the encoder 240 encodes the 16 bits D 0 ⁇ D 15 into 4 bits of signal OUT.
  • the encoder 240 may be designed to constantly consume current although the 16 bits of signals D 0 ⁇ D 15 have any value.
  • the cryptographic device 200 shown in FIG. 2 may substitute 6 bits of input signal IN with 4 bits of output signal OUT according to an S-Box binary function.
  • one of respective logic gates constructed therein i.e., a total five logic gates
  • FIG. 3 illustrates a detailed circuit configuration of arrays of logic gates shown in FIG. 2 according to an exemplary embodiment.
  • the array 211 of the first logic gates include two inverters 301 and 302 and four AND gates 303 ⁇ 306 .
  • the inverter 301 receives an input signal A 0
  • the inverter 302 receives an input signal A 1 .
  • the AND gate 303 receives the input signals A 0 and A 1 .
  • the AND gate 304 receives the input signal A 0 and an output of the inverter 302 .
  • the AND gate 305 receives an output of the inverter 301 and the input signal A 1 .
  • the AND gate 306 receives outputs of the inverters 301 and 302 .
  • the array 211 of the first logic gates receive 2 bits A 0 and A 1 and outputs 4 bits through the AND gates 303 ⁇ 306 .
  • the arrays 212 and 213 of other first logic gates are organized with the same or similar structures as the array 211 of the first logic gates.
  • the array 212 of the first logic gates receives input signals A 2 and A 3 and the array 213 of the first logic gates receives input signals A 4 and A 5 .
  • the array 220 of the second logic gates includes 64 AND gates 311 .
  • Each of the AND gates 311 includes three input terminals and an output terminal. Furthermore, each of the AND gates 311 receives 1 bit from each of the arrays 211 , 212 , and 213 of the first logic gates (i.e., each of the AND gates 311 receives a total of 3 bits). More specifically, each of the AND gates 311 in the array 220 of the second logic gates receives 1 bit from among the 4 bits B 0 ⁇ B 3 , 1 bit from among the 4 bits B 4 ⁇ B 7 , and 1 bit from among the 4 bits B 9 ⁇ B 11 .
  • the 64 bits C 0 ⁇ C 63 output from the array 220 of the second logic gates are decoding signals according to the number of cases (2 6 ) of A 0 , A 1 , A 2 , A 3 , A 4 , and A 5 . Only one of the 64 AND gates 311 in the array 220 of the second logic gates is toggled according to 12 bits B 0 ⁇ B 11 output from the arrays 211 ⁇ 213 of the first logic gates. That is, among the 64 bits C 0 ⁇ C 63 output from the 64 AND gates 311 in the array 220 of the second logic gates, only one bit is an active bit.
  • the array 230 of the third logic gates includes 16 OR gates 321 .
  • Each of the OR gates 321 includes four input terminals and one output terminal.
  • Each of the OR gates 321 receives 4 bits from among the 64 bits C 0 ⁇ C 63 output from the array 230 of the second logic gates.
  • the 4 bits input to each of the OR gates 321 are determined according to an S-Box lookup table.
  • FIG. 4 illustrates an S-Box lookup table according to an exemplary embodiment. Although a DES algorithm uses a total of eight S-Boxes, FIG. 4 shows one S-Box. Referring to FIG. 4 , the lookup table shows 4 output bits to 6 bits of input signal A 0 ⁇ A 5 . Among the 6 bits A 0 ⁇ A 5 , 2 bits A 0 and A 5 designate rows of the lookup table and four bits A 1 , A 2 , A 3 , and A 4 designate columns of the lookup table.
  • the output signal “0111” is designated by not only the row “10” and the column “1011” but also a row “00” and a column “1111,” a row “01” and a column “0010,” and a row “11” and a column “0111.” This is because the S-BOX uses a many-to-one binary function.
  • the array 230 of the third logic gates always outputs the same 4 bits to four types of values of 6 bits of input signals A 0 ⁇ A 5 according to the lookup table shown in FIG. 4 .
  • each of the OR gates 321 in the array 230 of the third logic gates receives 4 bits from among the 64 bits C 0 ⁇ C 63 output from the AND gates 311 in the array 220 of the second logic gates.
  • an OR gate corresponding to “0111” in the array 230 of the third logic gates is connected to receive output signals of an AND gate corresponding to “011110,” “000101,” “110110,” and “101111” in the array 220 of the second logic gates.
  • input terminals of the OR gates 321 in the array 230 of the third logic gates are connected to output signals of the AND gates 311 in the array 220 of the second logic gates according to the lookup table shown in FIG. 4 .
  • the 16 bits D 0 ⁇ D 15 output from the array 230 of the third logic gates are provided to the encoder 240 shown in FIG. 2 .
  • AND gates in the arrays 211 , 212 , and 213 of the first logic gates and the array 220 of the second logic gates are toggled one by one. Further, any one of the OR gates in the array 230 of the third logic gates is toggled. Accordingly, a total of five logic gates are toggled at the arrays 211 , 212 , 213 , 220 , and 230 of the first to third logic gates although the input signals A 0 -A 5 have any value. For this reason, the amount of current consumed at the arrays 211 , 212 , 213 , 220 , and 230 of the first to third logic gates is always constant irrespective of values of the input signals A 0 ⁇ A 6 . Accordingly, with a simple circuit configuration, an S-Box for DES algorithm is implemented using hardware, and a cryptographic device with security against a hacker's attack may be implemented.
  • the cryptographic device 200 shown in FIG. 3 is a cryptographic device implementing one S-Box. Eight cryptographic devices 200 are used to implement eight S-Boxes. In that case, the AND gates 311 in the array 220 of the second logic gates are connected to the OR gates 321 in the array 230 of the third logic gates according to a many-to-one correspondence between input and output signals of the S-Box.
  • an input signal IN is 6 bits and an output signal OUT is 4 bits.
  • bit widths of the input signal IN and the output signal OUT may be variously changed. With the change in bit widths of the input signal IN and the output signal OUT, the number of the arrays 211 , 212 , and 213 of the first logic gates, the number of the AND gates 311 in the array 220 of the second logic gates, and the number of the OR gates 230 in the third logic gates are changed. However, a many-to-one correspondence between the input signal IN and the output signal OUT is established.
  • FIG. 5 illustrates an example of a cryptographic device 500 having a reset function according to an exemplary embodiment.
  • the cryptographic device 500 further inputs a clock signal CK to AND gates in arrays 511 ⁇ 513 of first logic gates. If a previous output signal is logic “1,” the AND gates invert the output signal into logic “0” at a low level of the clock signal CK. In this case, the amount of current consumption is not changed because only 1 bit transitions to an inactive state.
  • FIG. 6 illustrates another circuit configuration of arrays of logic gates shown in FIG. 2 according to another exemplary embodiment.
  • arrays 611 ⁇ 613 of first logic gates include OR gates 603 ⁇ 606
  • an array 620 of second logic gates includes OR gates 621
  • an array 630 of third logic gates includes AND gates 631 .
  • input signals A 0 ⁇ A 5 have any value like in FIG. 3 , only five logic gates are toggled at arrays 611 , 612 , 613 , 620 , and 630 of first to third logic gates shown in FIG. 6 .
  • Signals output from the arrays 611 , 612 , 613 , 620 , and 630 of the first to third logic gates include five inactive bits with the other bits being active bits.
  • the amount of current consumed at the arrays 611 , 612 , 613 , 620 , and 630 of the first to third logic gates is always constant irrespective of values of the input signals A 0 ⁇ A 6 .

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Mathematical Physics (AREA)
  • Computational Mathematics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Mathematical Optimization (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Mathematical Analysis (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)
  • Logic Circuits (AREA)

Abstract

Provided is a cryptographic device implementing an S-Box of an encryption algorithm using a many-to-one binary function. The cryptographic device includes: arrays of first logic gates including I first logic gates which each receive 2 bits of an input signal; 2N second logic gates which each receive corresponding J bits from among I bits output from the arrays of the first logic gates; and L third logic gates which each receive K bits from among 2N bits output from the second logic gates, wherein there is a many-to-one correspondence between the N bits of the input signal and the K bits input to each of the third logic gates, and wherein the N, I, J, K, and L are positive integers. Because a signal output from each array includes only one active bit, current is always consumed constantly to prevent internal data from leaking out to a hacker.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS
This is a continuation application of U.S. application Ser. No. 12/889,854, filed Sep. 24, 2010, which claims priority from Korean Patent Application No. 10-2009-0117881, filed on Dec. 1, 2009 in the Korean Intellectual Property Office, the entirety of which is hereby incorporated by reference.
BACKGROUND
1. Field
Apparatuses and methods consistent with exemplary embodiments relate to a cryptographic device.
2. Description of Related Art
In recent years, information transmitted by a user in communications using a smart card or an integrated circuit (IC) card, Internet communications, wireless local area network (LAN) communications, and Internet banking include secret information. Secret information may be leaked by hacking. Therefore, hardware encryption/decryption devices are increasingly being used to prevent the leakage of secret information. Prior to transmission of secret information receiving a signature or passing an authentication procedure, the hardware encryption/decryption device transforms the secret information into a cryptogram.
Because speed of an encryption operation is typically low, most encryption operations are carried out using hardware to be applied to devices such as a smart card. Data encryption standard (DES) is a type of block encryption algorithm and a symmetric key encryption scheme using 56 bits of a key. A substitution box (hereinafter referred to as “S-Box”) for use in DES carries out a substitution operation to convert an m-bit input into an n-bit output.
When DES is embodied with hardware, an S-Box is designed using a lookup table. However, a data value of the S-Box may be exposed to a hacker according to a hardware design technique. Accordingly, there is a need for the hardware design for an S-Box that is capable of preventing exposure of internal data even when the S-Box is attacked by a hacker.
SUMMARY
Exemplary embodiments provide a cryptographic device.
According to an aspect of an exemplary embodiment, there is provided a cryptographic device including: arrays of first logic gates including I first logic gates each receiving 2 bits from among N bits of an input signal, where I and N are positive integers; 2N second logic gates each receiving corresponding J bits from among I bits output from the arrays of first logic gates, where J is a positive integer; and L third logic gates each receiving K bits from among 2N bits of signal output from the second logic gates, where L and K are positive integers, wherein the I bits, the 2N bits, and L bits respectively output from the arrays of the first logic gates, the second logic gates, and the third logic gates each have only one active bit, and there is a many-to-one correspondence between the N bits of the input signal and an output signal of the third logic gates.
According to an aspect of an exemplary embodiment, there is provided a cryptographic device including: an array of first logic gates receiving first 2 bits among 6 bits of an input signal and outputting first 4 bits; an array of second logic gates receiving second 2 bits among the 6 bits of the input signal and outputting second 4 bits; an array of third logic gates receiving third 2 bits among the 6 bits of the input signal and outputting third 4 bits; 64 forth logic gates each receiving corresponding 3 bits from among the 4 bits output from the arrays of the first, second, and third logic gates; and 16 fifth logic gates each receiving 4 bits from among the 64 bits output from the fourth logic gates, wherein the 4 bits, the 64 bits, and the 16 bits respectively output from the arrays of the first, second, and third logic gates, the fourth logic gates, and the fifth logic gates each have only one active bit, and there is a many-to-one correspondence between the 6 bits of the input signal and an output signal of the fifth logic gates.
According to an aspect of another exemplary embodiment, there is provided a cryptographic device including: a first decoder which decodes an input signal of N bits into 2N bits; and a second decoder which decodes the 2N bits output from the first decoder into L bits, wherein the 2N bits output from the first decoder and the L bits output from the second decoder each include only one active bit, and wherein N and L are positive integers.
According to an aspect of another exemplary embodiment, there is provided a cryptographic method including: receiving, at each of arrays of first logic gates comprising I first logic gates, 2 bits from among N bits of an input signal; receiving, at each of 2N second logic gates, corresponding J bits from among I bits output from the arrays of the first logic gates; and receiving, at each of L third logic gates, K bits from among 2N bits output from the second logic gates, wherein the I bits, the 2N bits, and L bits respectively output from the arrays of the first logic gates, the second logic gates, and the third logic gates each have only one active bit, wherein there is a many-to-one correspondence between the N bits of the input signal and an output signal of the third logic gates, and wherein the N, I, J, K, and L are positive integers, respectively.
BRIEF DESCRIPTION OF THE DRAWINGS
Exemplary embodiments will become more apparent in view of the attached drawings and accompanying detailed description. The exemplary embodiments depicted therein are provided by way of example, not by way of limitation, wherein like reference numerals refer to the same or similar elements. The drawings are not necessarily to scale, emphasis instead being placed upon illustrating aspects of the exemplary embodiments, wherein:
FIG. 1 illustrates a cryptographic device according to an exemplary embodiment;
FIG. 2 illustrates a cryptographic device according to another exemplary embodiment;
FIG. 3 illustrates a detailed circuit configuration of arrays of logic gates shown in FIG. 2 according to an exemplary embodiment;
FIG. 4 illustrates an S-Box lookup table according to an exemplary embodiment;
FIG. 5 illustrates an example of a cryptographic device having a reset function according to an exemplary embodiment; and
FIG. 6 illustrates a circuit configuration of arrays of logic gates shown in FIG. 2 according to another exemplary embodiment.
DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS
Exemplary embodiments will now be described more fully hereinafter with reference to the accompanying drawings.
FIG. 1 illustrates a cryptographic device 100 according to an exemplary embodiment. As illustrated, the cryptographic device 100 includes a first decoder 110, a second decoder 120, and an encoder 130. The first decoder 110 receives an input signal IN which is 6 bits and outputs 64 bits. The 64 bit output from the first decoder 110 includes one active bit from among the 64 bits according to the 6 bits of the input signal IN.
The second decoder 120 decodes the 64 bits from the first decoder 110 into 16 bits. Irrespective of a value of the 6 bits of the input signal IN, power consumed in the first and second decoders 110 and 120 is constantly maintained. As a result, the cryptographic device 100 may be protected from a hacker's attack, such as a differential power attack (DPA) and an attack through electromagnetic (EM) detection.
The encoder 130 encodes the 16 bits output from the second decoder 120 into a 4 bit output signal OUT and outputs the output signal OUT. The cryptographic device 100 shown in FIG. 1 may convert 6 bits of input signal IN into 4 bits of output signal OUT according to an S-Box many-to-one binary function.
FIG. 2 illustrates a cryptographic device 200 according to another exemplary embodiment. As illustrated, the cryptographic device 200 includes arrays 211, 212, and 213 of first logic gates, an array 220 of second logic gates, an array 230 of third logic gates, and an encoder 240. The array 211 of the first logic gates receives 2 bits A0 and A1 from among bits of an input signal IN and outputs 4 bits B0, B1, B2, and B3. The array 211 of the first logic gates includes a plurality of logic gates (not shown) each receiving 2 bits A0 and A1. The other arrays 212 and 213 of the first logic gates are organized with the same or similar circuit structure as the array 211 of the first logic gates and perform the same or similar operations as the array 211 of the first logic gates. Each of the arrays 211, 212, and 213 receives different 2 bits from among the bits of the input signal IN and outputs 4 bits. That is, the arrays 211, 212, and 213 output a total of 12 bits B0˜B11.
The array 220 of the second logic gates receives the 12 bits from the arrays 211, 212, and 213 of the first logic gates and outputs 64 bits C0˜C63. The array 220 of the second logic gates includes a plurality of logic gates (not shown) each receiving 1 bit from each of the arrays 211, 212, and 213 of the first logic gates (i.e., each receiving a total of 3 bits).
The array 230 of the third logic gates receives the 64 bits C0˜C63 from the array 220 of the second logic gates and outputs 16 bits D0˜D15 corresponding to the 64 bits C0˜C63. The array 230 of the third logic gates includes a plurality of logic gates (not shown) each receiving 4 bits from among the 64 bits C0˜C64 from the array 220 of the second logic gates. There is a many-to-one correspondence according to an S-Box binary function between 6 bits of the input signal IN and a K-bit signal input to the respective logic gates in the array 230 of the third logic gates.
The encoder 240 outputs the 16 bits D0˜D15 output from the array 230 of the third logic gates, as a 4 bit signal OUT. The encoder 240 encodes the 16 bits D0˜D15 into 4 bits of signal OUT. The encoder 240 may be designed to constantly consume current although the 16 bits of signals D0˜D15 have any value. Thus, the cryptographic device 200 shown in FIG. 2 may substitute 6 bits of input signal IN with 4 bits of output signal OUT according to an S-Box binary function.
In the respective arrays 211, 212, 213, 220, and 230, one of respective logic gates constructed therein (i.e., a total five logic gates) outputs an active bit (or inactive bit) although an input signal IN has any value. Therefore, power is constantly consumed irrespective of the input signal IN.
FIG. 3 illustrates a detailed circuit configuration of arrays of logic gates shown in FIG. 2 according to an exemplary embodiment. Referring to FIG. 3, the array 211 of the first logic gates include two inverters 301 and 302 and four AND gates 303˜306. The inverter 301 receives an input signal A0, and the inverter 302 receives an input signal A1. The AND gate 303 receives the input signals A0 and A1. The AND gate 304 receives the input signal A0 and an output of the inverter 302. The AND gate 305 receives an output of the inverter 301 and the input signal A1. The AND gate 306 receives outputs of the inverters 301 and 302. The array 211 of the first logic gates receive 2 bits A0 and A1 and outputs 4 bits through the AND gates 303˜306. The arrays 212 and 213 of other first logic gates are organized with the same or similar structures as the array 211 of the first logic gates. The array 212 of the first logic gates receives input signals A2 and A3 and the array 213 of the first logic gates receives input signals A4 and A5.
In the array 211 of the first logic gates, only one AND gate among the four AND gates 303˜306 is toggled according to the input signals A0 and A1. That is, only one bit among four bits B0˜B3 output from the four AND gates 303˜306 is an active bit that is a high level. Since the array 211 of the first logic gates always outputs one active bit for all cases of the input signals A0 and A1, current consumed at the array 211 of the first logic gates is always constant. Similar to the array 212 of the first logic gates, each of the other arrays 212 and 213 of the first logic gates outputs only one active bit.
The array 220 of the second logic gates includes 64 AND gates 311. Each of the AND gates 311 includes three input terminals and an output terminal. Furthermore, each of the AND gates 311 receives 1 bit from each of the arrays 211, 212, and 213 of the first logic gates (i.e., each of the AND gates 311 receives a total of 3 bits). More specifically, each of the AND gates 311 in the array 220 of the second logic gates receives 1 bit from among the 4 bits B0˜B3, 1 bit from among the 4 bits B4˜B7, and 1 bit from among the 4 bits B9˜B11. The 64 bits C0˜C63 output from the array 220 of the second logic gates are decoding signals according to the number of cases (26) of A0, A1, A2, A3, A4, and A5. Only one of the 64 AND gates 311 in the array 220 of the second logic gates is toggled according to 12 bits B0˜B11 output from the arrays 211˜213 of the first logic gates. That is, among the 64 bits C0˜C63 output from the 64 AND gates 311 in the array 220 of the second logic gates, only one bit is an active bit.
The array 230 of the third logic gates includes 16 OR gates 321. Each of the OR gates 321 includes four input terminals and one output terminal. Each of the OR gates 321 receives 4 bits from among the 64 bits C0˜C63 output from the array 230 of the second logic gates. The 4 bits input to each of the OR gates 321 are determined according to an S-Box lookup table.
FIG. 4 illustrates an S-Box lookup table according to an exemplary embodiment. Although a DES algorithm uses a total of eight S-Boxes, FIG. 4 shows one S-Box. Referring to FIG. 4, the lookup table shows 4 output bits to 6 bits of input signal A0˜A5. Among the 6 bits A0˜A5, 2 bits A0 and A5 designate rows of the lookup table and four bits A1, A2, A3, and A4 designate columns of the lookup table. For example, when the input signal A0˜A5 is “110110”, “0111” of a position designated by a column “1011” of a row “10” designated by the 2 bits A0 and A5 is selected as an output signal. In this case, the output signal “0111” is designated by not only the row “10” and the column “1011” but also a row “00” and a column “1111,” a row “01” and a column “0010,” and a row “11” and a column “0111.” This is because the S-BOX uses a many-to-one binary function.
Returning to FIG. 3, the array 230 of the third logic gates always outputs the same 4 bits to four types of values of 6 bits of input signals A0˜A5 according to the lookup table shown in FIG. 4. Thus, each of the OR gates 321 in the array 230 of the third logic gates receives 4 bits from among the 64 bits C0˜C63 output from the AND gates 311 in the array 220 of the second logic gates. For example, when 6 bits of input signal A0˜A5 are “011110,” “000101,” “110110,” and “101111,” an output signal is “0111.” Therefore, an OR gate corresponding to “0111” in the array 230 of the third logic gates is connected to receive output signals of an AND gate corresponding to “011110,” “000101,” “110110,” and “101111” in the array 220 of the second logic gates. Likewise, input terminals of the OR gates 321 in the array 230 of the third logic gates are connected to output signals of the AND gates 311 in the array 220 of the second logic gates according to the lookup table shown in FIG. 4. The 16 bits D0˜D15 output from the array 230 of the third logic gates are provided to the encoder 240 shown in FIG. 2.
As illustrated in FIG. 3, AND gates in the arrays 211, 212, and 213 of the first logic gates and the array 220 of the second logic gates are toggled one by one. Further, any one of the OR gates in the array 230 of the third logic gates is toggled. Accordingly, a total of five logic gates are toggled at the arrays 211, 212, 213, 220, and 230 of the first to third logic gates although the input signals A0-A5 have any value. For this reason, the amount of current consumed at the arrays 211, 212, 213, 220, and 230 of the first to third logic gates is always constant irrespective of values of the input signals A0˜A6. Accordingly, with a simple circuit configuration, an S-Box for DES algorithm is implemented using hardware, and a cryptographic device with security against a hacker's attack may be implemented.
The cryptographic device 200 shown in FIG. 3 is a cryptographic device implementing one S-Box. Eight cryptographic devices 200 are used to implement eight S-Boxes. In that case, the AND gates 311 in the array 220 of the second logic gates are connected to the OR gates 321 in the array 230 of the third logic gates according to a many-to-one correspondence between input and output signals of the S-Box.
As set forth in the above-described exemplary embodiments, an input signal IN is 6 bits and an output signal OUT is 4 bits. However, bit widths of the input signal IN and the output signal OUT may be variously changed. With the change in bit widths of the input signal IN and the output signal OUT, the number of the arrays 211, 212, and 213 of the first logic gates, the number of the AND gates 311 in the array 220 of the second logic gates, and the number of the OR gates 230 in the third logic gates are changed. However, a many-to-one correspondence between the input signal IN and the output signal OUT is established.
FIG. 5 illustrates an example of a cryptographic device 500 having a reset function according to an exemplary embodiment. Unlike the cryptographic device 300 illustrated in FIG. 3, the cryptographic device 500 further inputs a clock signal CK to AND gates in arrays 511˜513 of first logic gates. If a previous output signal is logic “1,” the AND gates invert the output signal into logic “0” at a low level of the clock signal CK. In this case, the amount of current consumption is not changed because only 1 bit transitions to an inactive state. Moreover, in the case that input bits A0˜A5 have the same value during a previous cycle and a current cycle of the clock signal CK, it is possible to solve a problem that output bits of the arrays 511˜513 of the first logic gates do not turn to active/inactive bit.
FIG. 6 illustrates another circuit configuration of arrays of logic gates shown in FIG. 2 according to another exemplary embodiment. Referring to FIG. 6, unlike FIG. 3, arrays 611˜613 of first logic gates include OR gates 603˜606, an array 620 of second logic gates includes OR gates 621, and an array 630 of third logic gates includes AND gates 631.
Although input signals A0˜A5 have any value like in FIG. 3, only five logic gates are toggled at arrays 611, 612, 613, 620, and 630 of first to third logic gates shown in FIG. 6. Signals output from the arrays 611, 612, 613, 620, and 630 of the first to third logic gates include five inactive bits with the other bits being active bits. Likewise even when the arrays 211, 212, 213, 220, and 230 of the first to third logic gates illustrated in FIG. 3 are substituted with the arrays 611, 612, 613, 620, and 630 of the first to third logic gates, the amount of current consumed at the arrays 611, 612, 613, 620, and 630 of the first to third logic gates is always constant irrespective of values of the input signals A0˜A6.
To sum up, when an S-Box operation is carried out, constant current is always consumed to prevent internal data from leaking to hackers.
While exemplary embodiments have been described with reference to the accompanying drawings, it will be apparent to those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the present inventive concept. Therefore, it should be understood that the above exemplary embodiments are not limiting, but illustrative. Thus, the scope of the inventive concept is to be determined by the broadest permissible interpretation of the following claims and their equivalents, and shall not be restricted or limited by the foregoing description.

Claims (20)

What is claimed is:
1. An integrated circuit (IC) having a cryptographic function, the IC comprising:
a plurality of first circuit logic gates configured to receive an input signal having a plurality of bits;
a plurality of second circuit logic gates, each of the plurality of second circuit logic gates being configured to receive outputs of corresponding first circuit logic gates;
a plurality of third circuit logic gates, each of the plurality of third circuit logic gates being configured to receive outputs of corresponding second circuit logic gates; and
an encoder configured to receive outputs of the plurality of third circuit logic gates and to output an encoded signal having a plurality of bits,
wherein each of a plurality of values of the encoded signal corresponds to at least two values of a plurality of values of the input signal, each value of the encoded signal being represented by the plurality of bits of the encoded signal, each value of the input signal being represented by the plurality of bits of the input signal,
wherein, for any value of the plurality of bits of the input signal, a predetermined number of the first circuit logic gates from among the plurality of first circuit logic gates output logic “1” and the remaining first circuit logic gates output logic “0”,
wherein, for any value of the plurality of bits of the input signal, a predetermined number of the second circuit logic gates from among the plurality of second circuit logic gates output logic “1” and the remaining second circuit logic gates output logic “0”, and
wherein, for any value of the plurality of bits of the input signal, a predetermined number of the third circuit logic gates from among the plurality of third circuit logic gates output logic “1” and the remaining third circuit logic gates output logic “0”.
2. The IC of claim 1, wherein the plurality of first circuit logic gates is arranged into one or more groups, each of the one or more groups including four or more first circuit logic gates from among the plurality of first circuit logic gates, each of the one or more groups being configured to receive two or more bits from among the plurality of bits of the input signal.
3. The IC of claim 2, wherein each of the plurality of second circuit logic gates receives one among outputs of each group of first circuit logic gates.
4. The IC of claim 2, wherein the predetermined number of the second circuit logic gates from among the plurality of second circuit logic gates is one, and
wherein the predetermined number of the third circuit logic gates from among the plurality of third circuit logic gates is one.
5. The IC of claim 4, wherein the predetermined number of the first circuit logic gates from among the plurality of first circuit logic gates equals to the number of the one or more groups, and
wherein one of the first circuit logic gates of each group outputs logic “1” and the remaining first circuit logic gates of each group output logic “0”.
6. The IC of claim 1, wherein the total number of the plurality of bits of the input signal is greater than the total number of the plurality of bits of the encoded signal.
7. The IC of claim 1, wherein the plurality of first circuit logic gates includes a plurality of AND gates,
wherein the plurality of second circuit logic gates includes AND gates, and
wherein the plurality of third circuit logic gates includes a plurality of OR gates.
8. The IC of claim 1, wherein the plurality of first circuit logic gates includes a plurality of OR gates,
wherein the plurality of second circuit logic gates includes OR gates, and
wherein the plurality of third circuit logic gates includes a plurality of AND gates.
9. The IC of claim 1, further comprising a plurality of inverters configured to invert the plurality of bits of the input signal.
10. The IC of claim 1, wherein total power consumed by the plurality of first circuit logic gates, the plurality of second circuit logic gates and the plurality of third circuit logic gates is constantly maintained, for any value of the plurality of bits of the input signal.
11. The IC of claim 1, wherein the IC device is configured to receive a reset signal.
12. The IC of claim 11, wherein each of the plurality of first circuit logic gates is configured to receive the reset signal.
13. The IC of claim 11, wherein the reset signal is a clock signal.
14. The IC of claim 1, wherein the total number of bits of the outputs of the plurality of second circuit logic gates is greater than the number of the plurality of bits of the input signal.
15. The IC of claim 1, wherein the total number of bits of the outputs of the plurality of second circuit logic gates is greater than the total number of bits of the outputs of the plurality of third circuit logic gates.
16. The IC of claim 1, wherein the IC device is a smart card.
17. The IC of claim 1, wherein the IC device is an integrated circuit card.
18. An integrated circuit (IC) having a cryptographic function, the IC comprising:
a decoder comprising a plurality of circuit logic gates configured to receive an input signal consisting of k bits; and
an encoder configured to receive an output signal from the plurality of circuit logic gates of the decoder and to encode the received output signal to generate an output signal having m bits,
wherein the decoder is configured to generate n number of logic ‘1’ in response to any input signal,
wherein each of k, m and n is a positive integer,
wherein k is greater than m, and
wherein the plurality of circuit logic gates comprises:
a plurality of first circuit logic gates configured to receive the input signal consisting of k bits, and
a plurality of second circuit logic gates, each of the plurality of second circuit logic gates being configured to receive outputs of corresponding first circuit logic gates.
19. The IC of claim 18, wherein the decoder comprises a plurality of AND gates and a plurality of OR gates.
20. An integrated circuit (IC) having a cryptographic function, the IC comprising:
a plurality of first circuit logic gates configured to receive an input signal having a plurality of bits;
a plurality of second circuit logic gates, each of the plurality of second circuit logic gates being configured to receive outputs of corresponding first circuit logic gates;
a plurality of third circuit logic gates, each of the plurality of third circuit logic gates being configured to receive outputs of corresponding second circuit logic gates; and
an encoder configured to receive outputs of the plurality of third circuit logic gates and to output an encoded signal having a plurality of bits,
wherein each of a plurality of values of the encoded signal corresponds to at least two values of a plurality of values of the input signal, each value of the encoded signal being represented by the plurality of bits of the encoded signal, each value of the input signal being represented by the plurality of bits of the input signal,
wherein, for any value of the plurality of bits of the input signal, a predetermined number of the first circuit logic gates from among the plurality of first circuit logic gates output logic “1” and the remaining first circuit logic gates output logic “0”,
wherein, for any value of the plurality of bits of the input signal, a predetermined number of the second circuit logic gates from among the plurality of second circuit logic gates output logic “1” and the remaining second circuit logic gates output logic “0”, and
wherein, for any value of the plurality of bits of the input signal, a predetermined number of the third circuit logic gates from among the plurality of third circuit logic gates output logic “1” and the remaining third circuit logic gates output logic “0”.
US14/291,665 2009-12-01 2014-05-30 Cryptographic device for implementing S-box Active US9344273B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US14/291,665 US9344273B2 (en) 2009-12-01 2014-05-30 Cryptographic device for implementing S-box

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
KR1020090117881A KR101646705B1 (en) 2009-12-01 2009-12-01 Cryptographic device for implementing s-box
KR10-2009-0117881 2009-12-01
US12/889,854 US8750497B2 (en) 2009-12-01 2010-09-24 Cryptographic device for implementing S-box
US14/291,665 US9344273B2 (en) 2009-12-01 2014-05-30 Cryptographic device for implementing S-box

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US12/889,854 Continuation US8750497B2 (en) 2009-12-01 2010-09-24 Cryptographic device for implementing S-box

Publications (2)

Publication Number Publication Date
US20160112194A1 US20160112194A1 (en) 2016-04-21
US9344273B2 true US9344273B2 (en) 2016-05-17

Family

ID=44068921

Family Applications (2)

Application Number Title Priority Date Filing Date
US12/889,854 Active 2032-11-10 US8750497B2 (en) 2009-12-01 2010-09-24 Cryptographic device for implementing S-box
US14/291,665 Active US9344273B2 (en) 2009-12-01 2014-05-30 Cryptographic device for implementing S-box

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US12/889,854 Active 2032-11-10 US8750497B2 (en) 2009-12-01 2010-09-24 Cryptographic device for implementing S-box

Country Status (2)

Country Link
US (2) US8750497B2 (en)
KR (1) KR101646705B1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10891396B2 (en) 2016-05-27 2021-01-12 Samsung Electronics Co., Ltd. Electronic circuit performing encryption/decryption operation to prevent side- channel analysis attack, and electronic device including the same

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102100408B1 (en) 2014-03-04 2020-04-13 삼성전자주식회사 Encoder resistant to power analysis attack and encoding method thereof
EP3384422B1 (en) * 2015-12-02 2021-02-24 Cryptography Research, Inc. Freeze logic
KR20210108787A (en) * 2020-02-26 2021-09-03 삼성전자주식회사 A security circuit including dual encoder and endecryptor including thereof

Citations (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4161036A (en) * 1977-11-08 1979-07-10 United States Of America, Director National Security Agency Method and apparatus for random and sequential accessing in dynamic memories
US5796837A (en) 1995-12-26 1998-08-18 Electronics And Telecommunications Research Institute Apparatus and method for generating a secure substitution-box immune to cryptanalyses
US6334190B1 (en) * 1997-07-15 2001-12-25 Silverbrook Research Pty Ltd. System for the manipulation of secure data
US6385070B1 (en) * 2001-03-13 2002-05-07 Tality, L.P. Content Addressable Memory array, cell, and method using 5-transistor compare circuit and avoiding crowbar current
US20020138740A1 (en) * 2001-03-22 2002-09-26 Bridgepoint Systems, Inc. Locked portal unlocking control apparatus and method
US20030115611A1 (en) * 1997-11-26 2003-06-19 Hilts Paul John Method and apparatus for bit vector array
US20040228482A1 (en) 2003-04-04 2004-11-18 Stmicroelectronics S.R.L. Method of implementing one-to-one binary function and relative hardware device, especially for a Rijndael S-box
US20050276095A1 (en) * 2003-07-14 2005-12-15 Fulcrum Microsystems Inc. Asynchronous static random access memory
US20060177052A1 (en) 2002-05-23 2006-08-10 Hubert Gerardus T S-box encryption in block cipher implementations
JP2006229485A (en) 2005-02-16 2006-08-31 Sony Corp Circuit and method for signal processing
US20080143561A1 (en) 2006-12-15 2008-06-19 Yoshikazu Miyato Operation processing apparatus, operation processing control method, and computer program
US7401223B2 (en) * 1998-07-10 2008-07-15 Silverbrook Research Pty Ltd Authentication chip for authenticating an untrusted chip
US20080276106A1 (en) * 2005-03-16 2008-11-06 Tosoh Corportion Data Conversion Apparatus and Data Conversion Method
US20090055458A1 (en) 2004-09-24 2009-02-26 O'neil Sean Substitution Boxes
US7545933B2 (en) 2004-02-25 2009-06-09 Infineon Technologies Ag Decryption circuit, encryption circuit, logic cell, and method of performing a dual-rail logic operation in single-rail logic environment
KR20090079664A (en) 2008-01-18 2009-07-22 고려대학교 산학협력단 Masking method of ARIA , and ARIA encryption apparatus and method using thereof
US20090245510A1 (en) * 2008-03-25 2009-10-01 Mathieu Ciet Block cipher with security intrinsic aspects
US7631190B2 (en) * 2004-05-27 2009-12-08 Silverbrook Research Pty Ltd Use of variant and base keys with two entities
US20100002872A1 (en) 2006-09-01 2010-01-07 Kyoji Shibutani Data transformation apparatus, data transformation method, and computer program
US20100115286A1 (en) 2008-10-30 2010-05-06 Qualcomm Incorporated Low latency block cipher
US20100208885A1 (en) * 2007-10-04 2010-08-19 Julian Philip Murphy Cryptographic processing and processors
US20100232602A1 (en) * 2009-03-13 2010-09-16 Hiromi Nobukata Encryption processing apparatus
US7856099B2 (en) 2003-05-22 2010-12-21 Gemalto Sa Secure data transmission between two modules
US20100322411A1 (en) * 2007-09-07 2010-12-23 Greenpeak Technologies B.V. Encrypton Processor
US20100329450A1 (en) 2009-06-30 2010-12-30 Sun Microsystems, Inc. Instructions for performing data encryption standard (des) computations using general-purpose registers
US8095993B2 (en) * 2004-06-08 2012-01-10 Hrl Laboratories, Llc Cryptographic architecture with instruction masking and other techniques for thwarting differential power analysis
US8832464B2 (en) * 2009-03-31 2014-09-09 Oracle America, Inc. Processor and method for implementing instruction support for hash algorithms

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101247482B1 (en) * 2009-08-27 2013-03-29 한양대학교 산학협력단 Apparatus for adiabatic logic against power analysis attack

Patent Citations (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4161036A (en) * 1977-11-08 1979-07-10 United States Of America, Director National Security Agency Method and apparatus for random and sequential accessing in dynamic memories
US5796837A (en) 1995-12-26 1998-08-18 Electronics And Telecommunications Research Institute Apparatus and method for generating a secure substitution-box immune to cryptanalyses
US6334190B1 (en) * 1997-07-15 2001-12-25 Silverbrook Research Pty Ltd. System for the manipulation of secure data
US20030115611A1 (en) * 1997-11-26 2003-06-19 Hilts Paul John Method and apparatus for bit vector array
US7401223B2 (en) * 1998-07-10 2008-07-15 Silverbrook Research Pty Ltd Authentication chip for authenticating an untrusted chip
US6385070B1 (en) * 2001-03-13 2002-05-07 Tality, L.P. Content Addressable Memory array, cell, and method using 5-transistor compare circuit and avoiding crowbar current
US20020138740A1 (en) * 2001-03-22 2002-09-26 Bridgepoint Systems, Inc. Locked portal unlocking control apparatus and method
US20060177052A1 (en) 2002-05-23 2006-08-10 Hubert Gerardus T S-box encryption in block cipher implementations
US20040228482A1 (en) 2003-04-04 2004-11-18 Stmicroelectronics S.R.L. Method of implementing one-to-one binary function and relative hardware device, especially for a Rijndael S-box
US7502464B2 (en) 2003-04-04 2009-03-10 Stmicroelectronics S.R.L. Method of implementing one-to-one binary function and relative hardware device, especially for a Rijndael S-box
US7856099B2 (en) 2003-05-22 2010-12-21 Gemalto Sa Secure data transmission between two modules
US20050276095A1 (en) * 2003-07-14 2005-12-15 Fulcrum Microsystems Inc. Asynchronous static random access memory
US7545933B2 (en) 2004-02-25 2009-06-09 Infineon Technologies Ag Decryption circuit, encryption circuit, logic cell, and method of performing a dual-rail logic operation in single-rail logic environment
US7631190B2 (en) * 2004-05-27 2009-12-08 Silverbrook Research Pty Ltd Use of variant and base keys with two entities
US8095993B2 (en) * 2004-06-08 2012-01-10 Hrl Laboratories, Llc Cryptographic architecture with instruction masking and other techniques for thwarting differential power analysis
US20090055458A1 (en) 2004-09-24 2009-02-26 O'neil Sean Substitution Boxes
JP2006229485A (en) 2005-02-16 2006-08-31 Sony Corp Circuit and method for signal processing
US20080276106A1 (en) * 2005-03-16 2008-11-06 Tosoh Corportion Data Conversion Apparatus and Data Conversion Method
US20100002872A1 (en) 2006-09-01 2010-01-07 Kyoji Shibutani Data transformation apparatus, data transformation method, and computer program
US20080143561A1 (en) 2006-12-15 2008-06-19 Yoshikazu Miyato Operation processing apparatus, operation processing control method, and computer program
US20100322411A1 (en) * 2007-09-07 2010-12-23 Greenpeak Technologies B.V. Encrypton Processor
US20100208885A1 (en) * 2007-10-04 2010-08-19 Julian Philip Murphy Cryptographic processing and processors
KR20090079664A (en) 2008-01-18 2009-07-22 고려대학교 산학협력단 Masking method of ARIA , and ARIA encryption apparatus and method using thereof
US20090245510A1 (en) * 2008-03-25 2009-10-01 Mathieu Ciet Block cipher with security intrinsic aspects
US20100115286A1 (en) 2008-10-30 2010-05-06 Qualcomm Incorporated Low latency block cipher
US20100232602A1 (en) * 2009-03-13 2010-09-16 Hiromi Nobukata Encryption processing apparatus
US8832464B2 (en) * 2009-03-31 2014-09-09 Oracle America, Inc. Processor and method for implementing instruction support for hash algorithms
US20100329450A1 (en) 2009-06-30 2010-12-30 Sun Microsystems, Inc. Instructions for performing data encryption standard (des) computations using general-purpose registers

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Giaconia, Matteo et al., "Area and Power Efficient Synthesis of DPA-Resistant Cryptographic S-Boxes", 20th International Conference on VLSI Design, IEEE 2007, 7 pages.

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10891396B2 (en) 2016-05-27 2021-01-12 Samsung Electronics Co., Ltd. Electronic circuit performing encryption/decryption operation to prevent side- channel analysis attack, and electronic device including the same

Also Published As

Publication number Publication date
US20160112194A1 (en) 2016-04-21
KR101646705B1 (en) 2016-08-09
US8750497B2 (en) 2014-06-10
US20110129085A1 (en) 2011-06-02
KR20110061280A (en) 2011-06-09

Similar Documents

Publication Publication Date Title
US10769309B2 (en) Apparatus and method for generating identification key
US11856116B2 (en) Method and apparatus for protecting embedded software
JP6354172B2 (en) Semiconductor integrated circuit and authentication system
Sivaraman et al. Ring oscillator as confusion–diffusion agent: a complete TRNG drove image security
US8370642B2 (en) Cryptographic processing apparatus
US7248696B2 (en) Dynamic system bus encryption using improved differential transitional encoding
CN107483180B (en) High-stability physical unclonable function circuit
US9325494B2 (en) Method for generating a bit vector
US9344273B2 (en) Cryptographic device for implementing S-box
WO2014091559A1 (en) Integrated security device and signal processing method used by integrated security device
US10797891B2 (en) Physically unclonable function resistant to side-channel attack and method therefor
US7876893B2 (en) Logic circuit and method for calculating an encrypted result operand
CN117010032B (en) SRAM physical unclonable function circuit capable of automatically reading and clearing and equipment
KR101373576B1 (en) Des encryption system
KR101673163B1 (en) Physically unclonable function circuit using the dual rail delay logic
Chhabra et al. Towards the enhancement of AES IP security using hardware obfuscation technique: A practical approach for secure data transmission in IoT
CN116432202A (en) High-concealment hardware Trojan circuit and control method thereof
Swayamprakash et al. Design of Advanced Encryption Standard using Verilog HDL
Shumsky et al. Security-oriented encoding of robust codes for non-uniformly distributed words
YAMAMOTO Security Evaluation and Improvement of Physically Unclonable Functions
山本大 et al. Security Evaluation and Improvement of Physically Unclonable Functions
JP2006279868A (en) Semiconductor device, and ic card comprising the same

Legal Events

Date Code Title Description
STCF Information on status: patent grant

Free format text: PATENTED CASE

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8